IT Risk Officers

Is the mainframe environment a part of your IT Risk Assessment methodology?

Does your security team provide you with ongoing reports on the security of your mainframe?

Do you have the proper controls, governance, and communication to leadership on all aspects of securing your mainframe environment?

Do you have a Mainframe Vulnerability Management Program? If not, what aspects of the mainframe are included in compliance audits?

Do you have compliance solutions that utilize the commonalities in all the compliance regulations?

Every law and regulation pertaining to digital privacy has three objectives — confidentiality, integrity availability — and impacts three IT compliance components — people, process, technology (PPT).

It is predicted that by 2020, there will be over 20 billion devices connected to the Internet of Things (IoT), over 44 trillion gigabytes of data in cyberspace, and 1.7 megabytes of new information will be created every second for every human on the planet. Businesses, which account for only 37% of the 500 gigabytes of data produced per minute today, are predicted to spend 57% of a forecasted $2.9 trillion on endpoint security by 2020. Why? Because organizations are still trying to protect their physical networks from being hacked, rather than protecting their information from being breached.

Do you understand why protecting threats from getting in does not protect information from getting out?

Do you understand the best practices for protecting the confidentiality, integrity, and availability of information stored on your mainframe?

Are you aware that mainframe code-based vulnerabilities are not ranked in the NIST National Vulnerability Database (NVD)?

Vendors have Security Patch databases that are not proactive, but reactive. In order to know what Integrity vulnerabilities have been found and patched requires your organization to take a proactive approach with each software vendor.